[U-Boot] [PATCH v2 2/6] efi_loader: Fix memory map size check to avoid out-of-bounds access
Stefan Brüns
stefan.bruens at rwth-aachen.de
Sat Oct 1 19:31:50 CEST 2016
Do not overwrite the specified size of the provided buffer without
having checked it is sufficient.
If the buffer is to small, memory_map_size is updated to indicate the
required size, and an error code is returned.
Signed-off-by: Stefan Brüns <stefan.bruens at rwth-aachen.de>
---
lib/efi_loader/efi_memory.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index ebe8e94..72a5870 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -342,6 +342,11 @@ efi_status_t efi_get_memory_map(unsigned long *memory_map_size,
map_size = map_entries * sizeof(struct efi_mem_desc);
+ if (*memory_map_size < map_size) {
+ *memory_map_size = map_size;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
*memory_map_size = map_size;
if (descriptor_size)
@@ -350,9 +355,6 @@ efi_status_t efi_get_memory_map(unsigned long *memory_map_size,
if (descriptor_version)
*descriptor_version = EFI_MEMORY_DESCRIPTOR_VERSION;
- if (*memory_map_size < map_size)
- return EFI_BUFFER_TOO_SMALL;
-
/* Copy list into array */
if (memory_map) {
/* Return the list in ascending order */
--
2.10.0
More information about the U-Boot
mailing list